Encryption question

Hello all,

My wife and I are chatting over Skype when I am in Belgium. Despite the fact our conversations are legal and both of us have an empty criminal record, we feel we are spyed on and somebody else is watching our conversations. This is not about who is spying on us, we only want our privacy that is all.

Do you know of any encryption method available natively in Xojo, which cannot be broken by NSA, the British intelligence or anybody else in the world? Because of the poor internet quality in Botswana, we mostly use text conversations.

I am thinking of creating a few hundreds of keys which I share with my wife on paper (not sending over any communication device but deliver it to her myself). Every key will be unique and has a unique ID. Then the only thing we need to send at the beginning of the Skype text conversations is the ID of the key we are gonna use.

So we type the text message in our own application and then copy the message to the Skype textfield. The receiver of the message copy the message into our application again and it is decrypted to the original message again.

What do you think? A good idea? Which encryption method should we use, which is very hard to break? I am sure Xojo can give at least our secure privacy feeling back.

Thank you very much for your advice which is very much appreciated.

Wish you a very nice day.

Chris

I thought Skype was encrypted already. I very well could be wrong though.

Is iMessage an option? That is certainly encrypted.

Finally, the encryption that can’t be broken doesn’t exist. Brute force is always an option, and with enough resources, the messages will be decrypted. My advice: Don’t say anything that would be of interest to anyone.

Thank you very much Kern.

Indeed, iMessage would be a very good solution. However both my wife and myself are on Windows, which does not seems to be supported regretfully.

My view is the same as yours about decryption of messages. Everything can be broken.

The conversation between my wife and myself is sincere and open. We do not have to hide anything from anybody. There is nothingn said or done which we can be blackmailed with. We just feel that somebody is intruding our privacy. You can compare the feeling as if you are sitting with your wife in your living room and then suddenly find out someone installed a small spycam in your living room without you knowing.

I appreciate your input and advice very much.

wish you all the best.

Chris

Is MegaChat an option for you both? Haven’t tested, but here’s a description from TechCrunch:

Thank you Thomas,

Indeed, MegaChat will be a very good Skype alternative because mostly we are just text chatting. We where aware from some time that the NSA is watching Skype. However that will be the same with MegaChat I am sure.

When considering the terrorist activities of the past months and how IS and Boko Haram is developing, we cannot really blame the NSA and other Intelligent services to check on Skype and other communication devices. When it can prevent the killing of innocent people, the better. I also believe this is a better way in the war against terrorism despite the fact it feels wrong by people who stay on the right side of the Law.

For my wife and myself, we understand the reason why NSA has to check global communications. I only hope NSA will also use the information they collected to prevent terrorist attacks all over the world and not only inside the USA.

For us, it is just a personal feeling about being intruded in our private life. I hope to bring a more secure feeling again with extra encryption in our text chatting. I believe we are of no importance for the NSA or other services.

Wish you a very nice day.

Chris

Chris,

Your message has been received. After discussion, we have determined that the Eagle has landed and the fat man walks alone at sunset. Repeat, at sunset.

This post will self-destruct in five seconds. Good luck, Chris…

You very well described how it was more of a feeling of being spied on that an actual fact the NSA woud like to know if your wife stroke the cat or if you liked your breakfast. Why don’t you use the Xojo Crypto class ?

I doubt NSA has a backdoor in the Xojo Crypto class. Small is sometimes beautiful. The behemoth would no doubt spend much more efforts for Skype used by millions, than for Xojo used by 80,000 :wink: Even less for a couple of good citizen.

A simple app that takes text, crypt it and encode it base64 would probably suffice to send through chat, then on arrival you just paste it in the app for decode. On Windows you can even have the app send the encrypted text directly to Skype using SendKey https://forum.xojo.com/6009-sendkey-function

The same app would work for mail, or any textual communication. Since it is between the two of you, the password can be hardcoded within the app.

Thank you Michel and Kern,

Indeed, the Eagle seems to have landed. It is also true that it is more a feeling than a fact. I also agree that small (or simple) is beautiful.

I will take a look into the Crypto class and already looked to the “Sendkey” link you gave me. I think having an extra encryption does not harm anybody. Also it seems that MegaChat is also a very good alternative to Skype because lately Skype conversations seems to be of poor quality.

I appreciate everybodies input very much. Wish you all a very nice day and all the best.

Chris

Without a quantumly entangled communication channel I don’t think there’s a way to send a message that’s absolutely, positively, garaunteed to not be interceptable or decipherable. What you can do is mitigate the possibility.

Even if your communication channel is perfect does your computer already have eyes in it? Your message might be read by a keylogger as you type it into your super-encrypting program. Apparently the NSA has been trying (successfully?) for a decade to tap into Apple products http://america.aljazeera.com/articles/2015/3/10/apple-phones.html.

Here’s an idea to mitigate being noticed you even sent a message. You and your wife each start a blog of food pictures. The picture of your salad is real and looks commonplace but your wife knows it actual codes an encrypted message which one of the keys you previously transfered will unlock. Then again, hiding messages in pictures is a known thing and maybe the NSA is scanning all pictures for any tell-tale markings and this would cause them to focus on you.

How about going old school and send unencrypted, in the clear, text messages but they’ve been crafted so certain letter positions form the real message. What you priorily exchange are sets of randomized letter offsets. Build and run your program on an air-gapped computer, shielded by lead so it’s emissions can’t be remotely picked up. In your program you enter your message then choose a offset list and the letters are shown exploded out into positon in another field where you craft the innocuous version. Then write that down, go to a connected computer, type it in and twitter it. Your wife then writes that down, goes to her air-gapped computer with your program which deciphers it. Not unbreakable but maybe not noticeable. Also, it’s possible your writing voice is being tracked so you’d have to collect your past communications and analyse them so your crafted messages statistical have that same voice.

If what you want to secretly communicate is a very narrow subject you can do what many drug dealers do and just map certain concepts. So talking about being late to something means you want an ounce, mentioning the weather means the popo are tipped off, etc…

Another possibility is to question your concern. There’s healthy paranoia and there’s unhealthy paranoia. If the secret gets out how dire are the consequences, really? To what lengths will someone focus on you, really?

In junior high it was announced there would be random searches of our lockers. When I grumbled about how this is an invasion of privacy to my dad he said ‘if you’re not doing anything wrong you have nothing to be worried about’. That presumes the laws are just, that the people looking don’t misconstrue what they see or they just don’t like it and harass you or use what they discover to their advantage. In my high school it was pretty low stakes but I know there’s places that kill for the above reasons, I hope that’s not your situation. ??

Just be careful you don’t create the impression that you have something to hide. That could be worse than actually having done something.

With long distance communications, it is more like sitting in a bus terminal having a conversation than someone installing a secret camera in your living room. You should adjust your expectations, perhaps.

Hello,
if you are using Apple computers then I would recommend OTR Messaging with Adium. Here is a short tutorial:
https://www.calyxinstitute.org/education/howto-encrypted-instant-messaging-with-osx-adium-and-otr